iT邦幫忙

2021 iThome 鐵人賽

DAY 27
0
DevOps

Hashicorp Jot Notes系列 第 27

Day 27. Hashicorp Vault: Install Vault on Kubernetes

Hashicorp Vault:Install Vault on Kubernetes

今天介紹如何透過helm快速安裝Vault在Kubernetes上,並調整符合自己需求的spec.

用法

  1. 加入Hashicorp helm repository
$ helm repo add hashicorp https://helm.releases.hashicorp.com
  1. 更新helm repository
$ helm repo update
  1. 安裝
$ helm install vault hashicorp/vault
  1. values.yaml額外的設定可以參考 github hashicorp/vault-helm
helm install \
  vault \
  hashicorp/vault \
  --namespace $NAMESPACE \
  --version $CHART_VERSION \
  --values $VALUES_FILE
  1. 查看 helm template, 可以知道package內容.
$ helm template vault hashicorp/vault

---
# Source: vault/templates/injector-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-agent-injector
  namespace: default
  labels:
    app.kubernetes.io/name: vault-agent-injector
    app.kubernetes.io/instance: vault
    app.kubernetes.io/managed-by: Helm
---
# Source: vault/templates/server-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault
  namespace: default
  labels:
    helm.sh/chart: vault-0.16.0
    app.kubernetes.io/name: vault
    app.kubernetes.io/instance: vault
    app.kubernetes.io/managed-by: Helm
---
# Source: vault/templates/server-config-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-config
  namespace: default
  labels:
    helm.sh/chart: vault-0.16.0
    app.kubernetes.io/name: vault
    app.kubernetes.io/instance: vault
    app.kubernetes.io/managed-by: Helm
data:
  extraconfig-from-values.hcl: |-
    disable_mlock = true
    ui = true

    listener "tcp" {
      tls_disable = 1
      address = "[::]:8200"
      cluster_address = "[::]:8201"
    }
    storage "file" {
      path = "/vault/data"
    }
    
    ...

上一篇
Day 26. Hashicorp Vault: Rate Limit
下一篇
Day 28. Hachicorp Consul: Server configuration for production
系列文
Hashicorp Jot Notes30

尚未有邦友留言

立即登入留言